class RuboCop::Cop::GitlabSecurity::SendFileParams

basename = File.expand_path(“/tmp/myproj”) filename = File.expand_path(File.join(basename, @file.public_filename)) raise if basename != filename send_file filename, disposition: 'inline'

Constants

MSG

Public Instance Methods

on_send(node) click to toggle source
# File lib/rubocop/cop/gitlab-security/send_file_params.rb, line 29
def on_send(node)
  return unless node.command?(:send_file)
  return unless node.arguments.any? { |e| params_node?(e) }

  add_offense(node, location: :selector)
end